Security

Home Depot victim of same malware that hit Target -- researcher

A credit card hack allegedly uncovered at Home Depot reportedly used a variant of the same malware that affected Target customers last year, says security researcher Brian Krebs.

storeexterior.jpg
Home Depot

The same malware that hacked the accounts of Target customers late last year may have compromised credit card information at Home Depot.

In his Krebs on Security blog published late Sunday, security researcher Brian Krebs cited "sources close to the investigation" who told him that two different variants of the same malicious software were responsible for cyberattacks against both retail chains. Specificially, one of the sources said that at least some of Home Depot's store registers were infected by a new variant of a malware strain known as "BlackPOS," the same type of malware found on point-of-sale systems at Target in last year's attack.

Detailed in August by security provider TrendMicro, the new BlackPOS variant specifically appears to be aimed at retail accounts as it has the ability to steal credit and debit card information from the physical memory of a point-of-sale device, Krebs explained. The new variant can also masquerade itself as a feature of antivirus software.

Last Tuesday, Home Depot revealed that it was investigating but didn't actually say that it had been the victim of a credit card breach. The company said it was working with law enforcement after Krebs said that "multiple banks" found evidence that Home Depot may be the source of a large number of stolen credit and debit card numbers up for sale on the black market.

If Krebs' sources are correct, it could mean the same people were involved in both breaches. Credit card numbers allegedly stolen from Home Depot have appeared on an underground cybercrime shop known as Rescator, which was also caught selling cards stolen in the Target breach. Further, the people involved in these attacks apparently harbor anti-American sentiments, according to Krebs.

Text strings discovered in the malware pointed to Web sites that criticized America's involvement in Libya, the Ukraine, and other foreign regions. Krebs' own investigation of Rescator discovered a related domain that referenced Libya's late leader Muammar Gaddafi with a blog post that contained some "harsh and frankly chilling anti-American propaganda."

The breach that hit Target last year affected more than 40 million customers. CNET contacted Home Depot and will update the story with any further details.